PSIRT Advisories
FortiWeb - Relative path traversal in web API
Summary
A path traversal vulnerability [CWE-23] in the API of FortiWeb may allow an unauthenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests.
Affected Products
At least FortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.3.0 through 6.3.19
FortiWeb 6.4 all versions
FortiWeb 6.2 all versions
FortiWeb 6.1 all versions
FortiWeb 6.0 all versions
Solutions
Please upgrade to FortiWeb version 7.0.2 or above
Please upgrade to FortiWeb version 6.3.20 or above